VIRUS ALERT

Viruses and worms
1

I just had a virus alert supposedly from Windows to say I had a virus and to scan the system which I did. I have copied the result and will post it below, I am worried because after clicking to remove the viruses I now have a warning that " This type of file can damage your computer. Are you sure you want to download Antivir…installer.exe" I haven’t downloaded it because I am suspicious, because of the warning re download when it’s supposedly windows and also because I have avast pro installed. Any advice anyone? I don’t want to do any more surfing until I’ve got these issues sorted.

Thanks for taking the time to read this and look forward to receiving your comments. Mamma-p

Virus infections have been detected!

Status

Warning! Your security level is critical!
Scanner has detected harmful Malicious Threats on your PC. To
prevent System Crash we strongly recommend you to remove the
following threats:

Name Threat level
Adware.Win32.Look2me.abCritical
AdvWare.HotbarHigh
Trojan-PSW.Win32.LdPinch.abmHigh
Trojan Horse IRC/Backdoor.SdBot4.FRVMedium
W32.Benjamin.WormCritical
W32.Mypics.Worm.36352Medium
W32.Nimda.J@mmMedium

Threats Detected: 7

Click “Repair All” to erase all harmful threats from
your system Repair All

2

This is i guess a fake warning

download and scan with Malwarebytes
http://filehippo.com/download_malwarebytes_anti_malware/
UPDATE and run quick scan. click on “REMOVE SELECTED” to quarantine anything found, and restart

You may have this

Remove Antivir and Antivir 2010 (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-antivir

3

Hi mamma-p,

Hi pondus you beaten me just in a second,

The virus alert supposedly is not from Windows but a scare from a rogue-AV programme.
Please do a full scan with MBAM and report the logfile here as an added txt file in your reply-posting,

Download MBAM from here: http://www.malwarebytes.org/mbam-download.php

polonus

4

Thank you for the speedy replies, I did as you suggested and ran a quick scan which found 2 infections, both were ‘false trojan’ or similar, I chose to save it but now can’t find it! ???. I’m now running a full scan and it has found another infection so far. I will c&p the results of the current scan and post the file before re-start.

5

Ok, found the log file, didn’t look in the right place! This is the first one…

Malwarebytes’ Anti-Malware 1.44
Database version: 3703
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/02/2010 20:36:45
mbam-log-2010-02-07 (20-36-45).txt

Scan type: Quick Scan
Objects scanned: 102880
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\New User\My Documents\downloads\unconfirmed 5169.download (Trojan.FakeAlert) → Quarantined and deleted successfully.
C:\Documents and Settings\New User\My Documents\downloads\unconfirmed 93031.download (Trojan.FakeAlert) → Quarantined and deleted successfully.

2nd, full san

Malwarebytes’ Anti-Malware 1.44
Database version: 3703
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/02/2010 21:15:08
mbam-log-2010-02-07 (21-15-08).txt

Scan type: Full Scan (C:|D:|)
Objects scanned: 145520
Time elapsed: 30 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\New User\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0045c4 (Trojan.FakeAlert) → Quarantined and deleted successfully.

I think you are right Pondus, that looks exactly like the alert I got.

6

Hi mamma-p,

That was a fake av program that was quarantined by MBAM, and good riddance.
Good you reported here and are now free of malware,

polonus

7

Thank you very much, you saved me from a major headache and I really appreciate the help. :smiley:

8

Do weekly scan with Malwarebytes, and always update before you scan :wink:

9

Ok, thanks Pondus, I will do that, I had malwarebytes for a few months but it never picked anything up so I uninstalled it, I won’t be uninstalling it again, it’s here to stay! :smiley:

10

i don`t need insurance, nothing happens here :P… yeaaa…right… ;D

11

@ Pondus

Why only weekly ???

Isn’t it best to run a check daily as it would be best to find out as soon as possible about an infection so that it can be removed quickly!

A Quick scan only takes a few minutes and can identify recent infections and then remove them.

@ mamma-p

The resident protection of Malwarebytes is quite inexpensive and is a one time charge per system that provides additional coverage of avast!'s protection.

12
@ Pondus

Why only weekly

Isn’t it best to run a check daily as it would be best to find out as soon as possible about an infection so that it can be removed quickly!

A Quick scan only takes a few minutes and can identify recent infections and then remove them.


Jepp, true Kenny…weekly is recomended minimum… :wink:
and since the quick scan is so…quick, you can do it when you make the Tea… ;D…and do the full scan weekly/monthly

13

I’ll run a scan daily when I close down for the night, while I’m making my hot chocolate how’s that? ;D Thanks for the advice :smiley:

14

Hi All,

Please Pondus or Polonius, can you tell me why Avast! Evangelists like you say to download another software to solve this problem ?
Is Avast not able to do that or at least to detect such a virus ? Frightening, isn’t it ?

Regards.
Pulsar33

15

mamma-p,
It would be worthwhile trying to prevent an infection of this nature, rather than cleaning up afterward. Some of them are very hard to remove.
I suggest the use of a browser with at least a “prompt” set for scripting. (Firefox with “noscript” works very well indeed, and will stop dead a lot of this sort of “drive-by” download.)
Also consider getting a hosts file (Google MVPS Hosts, for one example) and/or a program called SpywareBlaster, by Javacool.

Pulsar33,
There isn’t an antivirus that can stop them all, every time. Malware variants are released frequently. By their nature, a blacklist-based scanner is reactive to these threats, the more “generic” or heuristic detections are enabled, the greater chance of a FP.
As part of a layered protection strategy, a second, and even a third demand scanner in addition to the resident is usually recommended. MBAM is currently one of the best of the crop.
An alternative is to use a whitelist-based protection. That requires (usually) a lot of user interaction and setting up, so isn’t so mainstream, although some of them are getting pretty user friendly.

16

No security program have 100% detection, if there was one that had that, everyone could just install that and the virusproblem would be gone… :smiley:
Malwarebytes have a limited detection, they do specialized detections, like rogue security software where MBAM is the best in the world

17

CooL ! :stuck_out_tongue:
I was already paranoid …
Now I’ve just to jump through the window ;D

Thanks for your answers, Pondus and Tarq57
Good night all

Pulsar33